[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Sep 9 16:29:01 MDT 2010


The branch, master has been updated
       via  718fd39 Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder <andreas.moroder at gmx.net>".
       via  e6b85c2 More paranoia to ensure SD's can't be set on read-only shares.
      from  9962462 s3-selftest: rename printer "print4" to "lp".

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 718fd39f10310d10ebc2276021d97d48f1163a88
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Sep 9 15:29:03 2010 -0700

    Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder <andreas.moroder at gmx.net>".
    
    Jeremy.

commit e6b85c2a7b3cfa0dd3c9859c88e5462c616d5a2a
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Sep 9 15:28:43 2010 -0700

    More paranoia to ensure SD's can't be set on read-only shares.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/util_str.c               |    3 +++
 source3/lib/util_unistr.c            |   10 ++++++++++
 source3/libads/sasl.c                |   16 +++++++++++++---
 source3/libnet/libnet_samsync_ldif.c |    3 +++
 source3/libsmb/cliconnect.c          |    5 +++++
 source3/smbd/nttrans.c               |    4 ++++
 6 files changed, 38 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index f93832e..449b5d1 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -2067,6 +2067,9 @@ void string_append(char **left, const char *right)
 
 	if (*left == NULL) {
 		*left = (char *)SMB_MALLOC(new_len);
+		if (*left == NULL) {
+			return;
+		}
 		*left[0] = '\0';
 	} else {
 		new_len += strlen(*left);
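Review bot: The added NULL check returns silently, and because string_append() is void the caller cannot tell that `right` was dropped and `*left` is still NULL. A caller that goes on to use `*left` would then either dereference NULL or work with a shorter string than it expects. Since the signature cannot report the failure, I would at least log it before returning, e.g. `DEBUG(0, ("string_append: out of memory\n"));`. The function continues past the hunk, so it is worth checking that the allocation in the `else` branch is guarded in the same way.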
diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index f53ef94..4cda38d 100644
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -109,6 +109,11 @@ void load_case_tables(void)
 	if (!upcase_table) {
 		DEBUG(1,("creating lame upcase table\n"));
 		upcase_table = (smb_ucs2_t *)SMB_MALLOC(0x20000);
+		if (!upcase_table) {
+			smb_panic("lame upcase table malloc fail");
+			/* notreached. */
+			return;
+		}
 		for (i=0;i<0x10000;i++) {
 			smb_ucs2_t v;
 			SSVAL(&v, 0, i);
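Review bot: The `return;` after `smb_panic()` in the added block is dead code if smb_panic() never returns, and the `/* notreached. */` comment does not say why the statement is kept. A comment such as `/* smb_panic() does not return; the return only stops analysers following the NULL path. */` would record the intent, assuming that is the reason. The same applies to the identical lowcase_table block in the next hunk. The loop that fills the table runs past the end of this hunk.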
@@ -124,6 +129,11 @@ void load_case_tables(void)
 	if (!lowcase_table) {
 		DEBUG(1,("creating lame lowcase table\n"));
 		lowcase_table = (smb_ucs2_t *)SMB_MALLOC(0x20000);
+		if (!lowcase_table) {
+			smb_panic("lame lowcase table malloc fail");
+			/* notreached. */
+			return;
+		}
 		for (i=0;i<0x10000;i++) {
 			smb_ucs2_t v;
 			SSVAL(&v, 0, i);
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 7ad4c9a..051fc96 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -987,6 +987,11 @@ static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv
 
 	output_token.length = 4;
 	output_token.value = SMB_MALLOC(output_token.length);
+	if (!output_token.value) {
+		output_token.length = 0;
+		status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+		goto failed;
+	}
 	p = (uint8 *)output_token.value;
 
 	RSIVAL(p,0,max_msg_size);
@@ -1002,14 +1007,19 @@ static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv
 	 */
 
 	gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
-			  &output_token, &conf_state,
-			  &input_token);
+			&output_token, /* used as *input* here. */
+			&conf_state,
+			&input_token); /* Used as *output* here. */
 	if (gss_rc) {
 		status = ADS_ERROR_GSS(gss_rc, minor_status);
+		output_token.length = 0;
+		SAFE_FREE(output_token.value);
 		goto failed;
 	}
 
-	free(output_token.value);
+	/* We've finished with output_token. */
+	SAFE_FREE(output_token.value);
+	output_token.length = 0;
 
 	cred.bv_val = (char *)input_token.value;
 	cred.bv_len = input_token.length;
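Review bot: The two cleanup sites for `output_token` clear it in opposite order: the gss_wrap failure path sets `output_token.length = 0;` and then calls `SAFE_FREE(output_token.value);`, while the success path frees first and zeroes the length afterwards. Using one order at both sites (free, then zero) makes it easier to see that the token is always left empty before control reaches `failed:`, as the allocation-failure path in the previous hunk already does. The `failed:` label is outside the hunk, so it is worth confirming that it tolerates an already-cleared `output_token` and that the `input_token` buffer filled by gss_wrap is released on every path.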
diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c
index f18ba5b..96bad4d 100644
--- a/source3/libnet/libnet_samsync_ldif.c
+++ b/source3/libnet/libnet_samsync_ldif.c
@@ -83,6 +83,9 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid,
 	if (suffix_attr == NULL) {
 		len = strlen(suffix);
 		suffix_attr = (char*)SMB_MALLOC(len+1);
+		if (!suffix_attr) {
+			return NT_STATUS_NO_MEMORY;
+		}
 		memcpy(suffix_attr, suffix, len);
 		suffix_attr[len] = '\0';
 	}
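Review bot: The new `return NT_STATUS_NO_MEMORY;` leaves populate_ldap_for_ldif() directly, which is only safe if nothing acquired earlier in the function needs releasing. The start of the function is outside the hunk, so this cannot be confirmed from here. If earlier allocations or open handles exist, the failure should go through the same cleanup as the other error exits. A short comment on who owns and frees `suffix_attr` would also help, since the hunk shows it allocated only when it is NULL on entry to this branch.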
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 49da8ed..169bf4f 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2135,6 +2135,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
 			SAFE_FREE(cli->inbuf);
 			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
 			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+			if (!cli->outbuf || !cli->inbuf) {
+				tevent_req_nterror(req,
+						NT_STATUS_NO_MEMORY);
+				return;
+			}
 			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
 		}
 
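Review bot: When only one of the two SMB_MALLOC calls fails, the added check returns with the other buffer still attached to `cli`, one of `cli->outbuf`/`cli->inbuf` NULL, and `cli->bufsize` left at its earlier value. Any later code that touches this `cli` would then trust a size that no longer matches a valid buffer pair. Before `tevent_req_nterror()` I would add `SAFE_FREE(cli->outbuf); SAFE_FREE(cli->inbuf); cli->bufsize = 0;` so the struct is left in a consistent state. cli_negprot_done starts and ends outside the hunk, so whether the caller tears down `cli` on this error is not visible here.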
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1e4e06c..b602a51 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -836,6 +836,10 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 	struct security_descriptor *psd = NULL;
 	NTSTATUS status;
 
+	if (!CAN_WRITE(fsp->conn)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
 		return NT_STATUS_OK;
 	}
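Review bot: Placing the `CAN_WRITE(fsp->conn)` guard ahead of the `sd_len == 0 || !lp_nt_acl_support(...)` early return changes the result on a read-only share from NT_STATUS_OK to NT_STATUS_ACCESS_DENIED even for requests that would have been a no-op. Failing closed looks intentional given the commit message, but the code should say so, e.g. `/* Defence in depth: refuse on a read-only share before any other processing, even for a no-op request. */`. The guard is share-level only. The rest of set_sd() is outside the hunk, so it is worth confirming that the per-handle access rights on `fsp` are still checked before the descriptor is applied.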


-- 
Samba Shared Repository

